Management questions on the self-assessment include:
- Does your district have clearly stated educational goals and values that guide security decisions and connect security practices to teaching & learning priorities?
- Is there a Security Team authorized by the school board that meets on a scheduled basis to discuss security planning and oversight?
The technology checklist includes items such as:
- Are all wireless access points fully encrypted (to WPA standards, or better)?
- Are web filters in place to comply with legal requirements, with the ability for authorized overrides?
- Is your VPN configured to provide secure access to all authorized remote users?
The Cyber Security Planning Protocol is organized into four phases. The first phase deals with setting security goals, with the outcome of creating a security project description including goals, processes, resources, and decision-making standards.
The second phase addresses risk analysis, and districts will complete this phase with a prioritized risk assessment report that contains a ranked list of vulnerabilities.
Risk reduction is the third phase, and this guide will help districts implement their security plans. Risk analysis and risk reduction processes must be regularly repeated to ensure effectiveness.
The fourth phase is crisis management, in which districts will create a crisis management plan to serve as a “blueprint for organizational continuity.”
The Cyber Security Rubric then charts the categorized scores on descriptive levels of “basic,” “developing,” “adequate,” and “advanced”–providing districts with detailed explanations of their respective school network security infrastructures.
The Security Planning Template enables district leaders to note current status of security measures, required immediate and near-future security actions, security budget capabilities, and security plans for upcoming school years.
The Security Rubric and Planning Template are conceptually based on the CEO Forum’s School Technology and Readiness (STaR) Chart and contribute to the school district’s goal of cyber security.
After the three tools have been used, district leaders can begin developing and implementing clearer, more comprehensive cyber security plans and protocols.
- ‘Buyer’s remorse’ dogging Common Core rollout - October 30, 2014
- Calif. law targets social media monitoring of students - October 2, 2014
- Elementary world language instruction - September 25, 2014